CN106157215B - Information processing method and device - Google Patents

Information processing method and device Download PDF

Info

Publication number
CN106157215B
CN106157215B CN201610476362.7A CN201610476362A CN106157215B CN 106157215 B CN106157215 B CN 106157215B CN 201610476362 A CN201610476362 A CN 201610476362A CN 106157215 B CN106157215 B CN 106157215B
Authority
CN
China
Prior art keywords
information
suspicion
reporting
same
query
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610476362.7A
Other languages
Chinese (zh)
Other versions
CN106157215A (en
Inventor
李涓
宋丽思
钱军
刘文娇
李全涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Hongxiang Technical Service Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201610476362.7A priority Critical patent/CN106157215B/en
Publication of CN106157215A publication Critical patent/CN106157215A/en
Application granted granted Critical
Publication of CN106157215B publication Critical patent/CN106157215B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services
    • G06Q50/26Government or public services

Abstract

The invention discloses an information processing method and device, relates to the technical field of internet, and aims to solve the problem that the identity of a suspected subject is low in efficiency in the conventional network security determination. The method of the invention comprises the following steps: acquiring reporting information reported by different users; searching the same suspicion clue information in different reporting information; and associating the reporting information containing the same suspicion cue information to generate a suspicion information graph, wherein the suspicion information graph is used for displaying all the suspicion cue information of the same suspicion subject. The method and the device are applied to the phishing information processing process.

Description

Information processing method and device
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a method and an apparatus for processing information.
Background
With the rapid development of the network, the online shopping becomes a faster shopping mode, and various physical commodities and virtual commodities can be purchased almost through the network, and online payment of the network is usually necessary as part of the online shopping. However, since the online shopping is not a face-to-face transaction, there is a certain risk that some lawbreakers may attract consumers by publishing information on the online shopping platform, and when a consumer wants to make a purchase, the lawbreakers may cheat the consumer to click on a website or scan a two-dimensional code for one or more times of consumption for various reasons, and when the consumer cheats money, the lawbreakers escape, and finally leave the property of the consumer empty.
At present, the number of phishing bureaus like the above is increasing, and the public security organization also establishes a network security department for the investigation and the processing of the phishing behavior which is specially responsible for. When the network security performs the detection of the network fraud, the detection is usually performed according to the received report information. However, the reporting information received by the network security is a piece of data information which is independent from each other, and after the fraud report is received, the fraud report is firstly compared with the original reporting information to judge whether the fraud report is the original suspected subject, and if the fraud report cannot be judged whether the fraud report is the original suspected subject, the identity of the suspected subject needs to be further investigated and determined again according to the reporting information. However, due to the diversification of the criminal approaches of the suspected subjects, for example, the same suspected subject can use different communication accounts, websites, and the like for fraud, how to more comprehensively display all the related information belonging to the same suspected subject is crucial to more quickly determining the identity of the suspected subject and improving the case handling efficiency of the network security. Therefore, how to more comprehensively display all the related information of the same suspected subject is one of the problems to be solved urgently.
Disclosure of Invention
In view of the above, the present invention has been made to provide a method and apparatus for information processing that overcomes or at least partially solves the above problems.
To solve the above technical problem, in one aspect, the present invention provides an information processing method, including:
acquiring reporting information reported by different users;
searching the same suspicion clue information in different reporting information;
and associating the reporting information containing the same suspicion cue information to generate a suspicion information graph, wherein the suspicion information graph is used for displaying all the suspicion cue information of the same suspicion subject.
In another aspect, the present invention provides an information processing apparatus, including:
the device comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring the reporting information reported by different users;
the clue information searching unit is used for searching the same suspected clue information in different reporting information;
and the information map generating unit is used for associating the reporting information containing the same suspicion cue information to generate a suspicion information map, and the suspicion information map is used for displaying all the suspicion cue information of the same suspicion subject.
By means of the technical scheme, the information processing method and the information processing device can firstly acquire the reporting information reported by different users; secondly, searching the same suspicion clue information in the reporting information of different users; and finally, associating the reporting information containing the same suspicion cue information to generate a suspicion information graph, wherein the suspicion information graph is used for displaying all the suspicion cue information of the same suspicion subject. Compared with the prior art, the method and the system have the advantages that the report information containing the same suspicion cue information in the report information of different users is associated to obtain the suspicion information picture of the same suspicion subject, and the suspicion information picture contains all the suspicion cue information related to the same suspicion subject in the report information of the users, so that the network security personnel can obtain all the suspicion cue information of the same suspicion subject, the suspicion subject can be determined more quickly through all the suspicion cue information, and the case handling efficiency is improved.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flow chart of a method of information processing provided by an embodiment of the invention;
FIG. 2 is a schematic diagram illustrating a map of suspect information according to an embodiment of the present invention;
FIG. 3 is a flow chart of another method of information processing provided by an embodiment of the present invention;
FIG. 4 is a flow chart of a method for processing information according to another embodiment of the present invention;
fig. 5 is a schematic diagram illustrating a report information association diagram according to an embodiment of the present invention;
FIG. 6 is a block diagram illustrating components of an information processing apparatus according to an embodiment of the present invention;
fig. 7 is a block diagram showing another information processing apparatus according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
In order to solve the problem of low identity efficiency of the suspected subject determined by the existing network security, an embodiment of the present invention provides an information processing method, as shown in fig. 1, the method includes:
101. and acquiring the reporting information reported by different users.
The embodiment mainly refers to the situation of passing through the phishing, so that the acquisition of the reporting information reported by different users mainly refers to all information that the users are cheated through the phishing, and the specific reporting information includes related information involved in a fraud process, such as personal information of victims, the amount of cheating, the fraud mode and the like.
The report information of different users acquired by the report platform is acquired from the report information base, and the sources of the report information in the report information base include two categories: one is that the user reports directly through a reporting channel of a reporting platform, and the reporting platform directly stores reporting information in a reporting information base corresponding to the reporting platform; the other type is that the user directly finds the network security to report offline, then the network security records the reporting information and directly uploads the recorded reporting information to a reporting information base corresponding to a reporting platform.
102. And searching the same suspicion clue information in different reporting information.
When a suspected subject is in fraud, different methods may be used for fraud, such as direct use of phishing, use of other phishing websites with the same Internet Protocol (IP) address corresponding to the phishing websites, use of communication account numbers (mobile phone numbers, QQ numbers, and the like) to send suspected websites to users for fraud, and the like. However, each individual report information may not include suspicion cue information used in all fraud modes of the same suspicion subject, and the suspicion cue information refers to communication accounts, websites, mailboxes and the like involved in a fraud process, so that correlation analysis needs to be performed on report information of different users in order to obtain all correlated suspicion cue information of the same suspicion subject.
Moreover, different reporting information may include the same suspicion cue information, such as: the suspected clue information contained in the reporting information a is as follows: website a and mobile phone number a used in fraud; the suspected clue information contained in the report information B is: the website a and the mobile phone number B used in fraud can see that the websites used in fraud in the reporting information A and the reporting information B are the same. In general, suspected subjects corresponding to different reporting information including the same suspicion information are considered to be the same subject. Therefore, in order to obtain all relevant suspicion cue information of the same suspicion subject, different reporting information can be subjected to correlation analysis in a mode of searching the same suspicion cue information contained in different reporting information, and preparation is made for obtaining all the suspicion cue information of the same suspicion subject subsequently.
103. And associating the reporting information containing the same suspicion cue information to generate a suspicion information graph.
After the same suspicion cue information in different reporting information is searched, the different reporting information with the same suspicion cue information can be associated. The effect of associating different reporting information containing the same suspected lead information is described by a specific example: for the two pieces of reporting information a and B in step 102, since both contain the same website a, the two pieces of reporting information may be associated, that is, the mobile phone number a, the mobile phone number B, and the website a therein are used as different suspicion clue information of the same suspicion subject. If the suspected clue information contained in the other report information C is: the website C and the mobile phone number B can see that the reporting information B and the reporting information C contain the same mobile phone number B, so that the two pieces of reporting information can be associated, namely the mobile phone number B, the website a and the website C can be used as different suspicion clue information of the same suspicion subject. The suspicion subject associated with the report information A, B and the suspicion subject associated with the report information B, C all contain the same suspicion information, so that the two associated suspicion subjects are regarded as the same suspicion subject, and finally different suspicion cue information that the mobile phone number a, the mobile phone number b, the website a and the website c all belong to the same suspicion subject can be obtained.
The method comprises the steps of associating different reporting information containing the same suspicion cue information to obtain all suspicion cue information of the same suspicion subject, generating a suspicion information graph corresponding to all the suspicion cue information of the same suspicion subject, enabling the security officer to obtain all the suspicion cue information of the same suspicion subject, and further helping the security officer to investigate cases. Fig. 2 is a schematic diagram of a suspected information map of a suspected subject, where the suspected lead information corresponding to the suspected subject includes: whois mailbox, telephone number, QQ number, website 4 type. In actual applications, the types, the number and the contents of the suspicion cue information in the suspicion information graphs corresponding to different suspicion subjects are different, so that the corresponding generated suspicion information graphs are also different. Fig. 2 is a representation of a suspected information map, and may be other than the representation of the star structure as in fig. 2.
The information processing method provided by this embodiment can first obtain the reporting information reported by different users; secondly, searching the same suspicion clue information in the reporting information of different users; and finally, associating the reporting information containing the same suspicion cue information to generate a suspicion information graph, wherein the suspicion information graph is used for displaying all the suspicion cue information of the same suspicion subject. Compared with the prior art, the embodiment can associate the report information containing the same suspicion cue information in the report information of different users to obtain the suspicion information picture of the same suspicion subject, and all suspicion cue information related to the same suspicion subject in the report information of the users are contained in the suspicion information picture, so that the security personnel can obtain all the suspicion cue information of the same suspicion subject, and can determine the suspicion subject more quickly through all the suspicion cue information, thereby improving the handling efficiency.
Further, as a refinement and an extension of the method shown in fig. 1, another embodiment of the present invention further provides an information processing method. As shown in fig. 3, the method includes:
301. and acquiring the reporting information reported by different users.
The implementation of this step is the same as that of step 101 in fig. 1, and is not described here again.
302. And searching the same suspicion clue information in different reporting information.
The implementation of this step is the same as that of step 102 in fig. 1, and is not described here again.
303. And respectively associating the reporting information containing the same suspected clue information to obtain an associated reporting information set.
Since the same suspicion cue information is searched for all different reporting information, a plurality of suspicion cue information are obtained, for example, if the search result obtained in step 302 is: the 10 pieces of reporting information contain the same suspicion cue information mobile phone number a, the 20 pieces of reporting information contain the same suspicion cue information website b, the 5 pieces of reporting information contain the same suspicion cue information mobile phone number b, and the mobile phone number a, the website b and the mobile phone number b are the same suspicion cue information. In this step, the reporting information including the same suspicion cue information is associated, that is, all the same suspicion cue information to be found are collected together corresponding to all the reporting information, so as to obtain a plurality of associated reporting information sets.
304. And associating different associated report information sets corresponding to the same report information to generate a suspect information map.
Since the different associated report information sets obtained in step 303 may further include the same report information, and the associated report information sets including the same report information are also associated, it is further required to associate different associated report information sets including the same report information, and finally obtain a complete suspicion information map of the suspicion main body, the reason why the different associated report information sets including the same report information need to be associated is explained by specific examples, that the suspicion information included in report information a-E of a certain 5 users is that a includes a mobile phone number a and a website a, B includes a mobile phone number a and a website B, C includes a mobile phone number a and a QQ number C, D includes a website B and a QQ number D, E includes B and a website E, that analysis can obtain A, B, C that the same suspicion information included in three report information sets is a mobile phone number a, that the same suspicion information included in three mailboxes is identical suspicion information, that the same suspicion information included in a set is identical suspicion information, that the same suspicion information set is obtained by identifying that the same suspicion information included in a, B, a, B, and q is identical suspicion information included in a set, and a, q information included in three mailbox information sets of the same suspicion information set, and a, B, and q, which are identified as suspicion information included in a, and a are obtained by analyzing, and a, and Q < 2 < C, and Q < 2 < C, namely, and a < C, and a < 2 < C, which are associated suspicion information in the same suspicion information set, and a < C, which are associated suspicion information set, and a < C, which are associated suspicion information in three mailbox < C, which are associated suspicion information set, and a are related to the same suspicion information in three mailbox < 2 < C, and a, are related to the same suspicion information set, and a.
Further, the generated suspect information map is checked by the network security personnel, so that the network security personnel needs to check the suspect information map in a certain way. When checking the suspicion information graph, the specific network security personnel usually inputs one or more pieces of suspicion cue information and then displays the suspicion information graph of the suspicion main body corresponding to the suspicion cue information or the suspicion cue information, so that the network security personnel can quickly and comprehensively acquire all the suspicion cue information of a certain suspicion main body, and therefore the handling efficiency can be improved. In addition, enough evidence is provided for network security and case setting, for example, the fraud amount related to one phishing case cannot meet the case setting standard, but all suspicion clue information belonging to the same suspicion subject as the case can be checked through the suspicion information graph, and other cases corresponding to other suspicion clue information can be found, and the amount related to a plurality of cases can meet the case setting standard.
Further, on the basis of displaying the generated suspicion information map to the network security personnel, receiving an inquiry instruction, wherein the inquiry instruction is to select any suspicion clue information contained in the suspicion information map, and then searching reporting information corresponding to the selected suspicion clue information according to the inquiry instruction. The corresponding reporting information is searched for showing all contents of the reporting information corresponding to the suspected clue information, so that the network security can conveniently and directly obtain useful information, and the reporting information not only contains the suspected clue information, but also contains personal information of a victim or specific description about a case and the like, and the information is not shown in a suspected information graph. For example, if the security officer wants to obtain more detailed information about fraud execution of a corresponding suspected subject related to a certain suspicion information through the victim, the security officer can obtain a contact address of the victim through the report information and communicate with the contact address. And searching for first statistical information corresponding to different areas and/or different preset time periods and containing the suspicion clue information corresponding to the query instruction according to the query instruction. The first statistical information mainly refers to statistics of the number of cases related to certain suspected clue information in different areas or different preset time periods, statistics of the total amount of the corresponding cases, statistics of the number or proportion of damaged objects (male, female, company, individual, and the like) in the corresponding cases, and the like. Specific examples thereof are: counting the number of all cases reporting the information of the suspected clue in one day; respectively counting the total number of cases which report the suspect thread information in each province till the current time; reporting the male and female proportion of the victim corresponding to the suspicion clue information, and the like. Each case corresponds to one report message in the embodiment. It should be noted that the statistical information included in the first statistical information may be freely set according to the actual application requirements, including setting of the region, setting of the preset time period, setting of the type of the damaged object, and the like.
Furthermore, since the reporting information of the general user does not include the IP address corresponding to the fraud website, and the IP address is suspected clue information that may be used by the network security personnel in the case investigation process, after the suspected information map is generated, each website included in the suspected information map is used to obtain a corresponding IP address through a Domain Name System (DNS), and the IP address is added to the suspected information map, so that the suspected information map is more complete.
Further, as a refinement and an extension of the method shown in fig. 1 and fig. 3, another embodiment of the present invention further provides a method for processing information. As shown in fig. 4, the method includes:
401. and receiving the reporting information reported by different users.
The implementation of this step is the same as that of step 101 in fig. 1, and is not described here again.
402. And classifying the different reporting information to generate a reporting information association diagram.
The step of classifying the different reporting information means that the different reporting information is reclassified according to the types of the different suspicion clue information contained in the reporting information. The different types correspond to different query dimensions, and the query dimensions in the embodiment include a fraud region, a fraud amount, a fraud time, a fraud object, a fraud mode, an amount payment mode and the like. Fig. 5 is a schematic diagram of the generated report information association diagram, which includes six query dimensions of fraud region, fraud amount, fraud time, fraud object, fraud mode and amount payment mode. Wherein the fraud areas include nationwide provinces; the fraud amount is divided into various types of 500 yuan below, 500 yuan plus 1000 yuan above and 1000 yuan above; fraud times include various types, such as the current day and the previous week; the fraud modes comprise various types such as telephone fraud, website fraud and the like; the payment method of the amount comprises payment treasure payment, WeChat payment, Yibao payment and the like. It should be noted that, in actual application, the reported information may be classified according to other query dimensions according to different actual requirements, and in addition, the associated information graph in this embodiment is organized by using a star-shaped structure, and may also be organized by using structures in other forms in actual application. It should be noted that the ellipses in fig. 5 represent that there may be more types.
403. A query condition is received, the query condition including at least one query dimension.
Receiving a query condition based on the reported information correlation diagram, wherein the query condition comprises at least one query dimension involved in the step 402.
404. And inquiring second statistical information corresponding to all the reported information corresponding to the query condition.
And after receiving the query condition, querying second statistical information of all corresponding reported information according to the query dimension contained in the query condition. The second statistical information is statistical information of the report information corresponding to the query conditions on different query dimensions respectively. Specifically, the method comprises the following steps: if the query condition is 2015.1.2-2015.2.1 and the fraud amount is 500-1000 yuan two query dimensions, 100 pieces of reporting information are obtained corresponding to the two query dimensions, then the 100 pieces of reporting information are classified and counted according to different query dimensions, for example, the 100 pieces of reporting information are respectively distributed in which provinces and cities, how many pieces of each province and city are, the total fraud amount number related in each province and city, the number or proportion of victims and men or women in the reporting information, which types of fraud modes and the number of each type are related in the reporting information, which types of money payment modes in the reporting information and the number of each type are related, the number statistics of the 100 pieces of reporting information per day in the 2015.1.2-2015.2.1 time period, and the like. In addition, in the actual application process, for some cases with more categories, it is also possible to select to display only part of the corresponding data, for example, only the number of reports corresponding to the area where the number of reports exceeds 10, or only the number of reports corresponding to the first three areas where the number of reports is the largest, or only the total amount of money of the first three areas where the total amount of money is the largest for fraud amount, etc. for different areas.
Further, as an implementation of the foregoing embodiments, another embodiment of the embodiments of the present invention further provides an information processing apparatus, configured to implement the methods described in fig. 1, fig. 3, and fig. 4. As shown in fig. 6, the apparatus includes: an acquisition unit 601, a cue information lookup unit 602, and an information map generation unit 603.
An obtaining unit 601, configured to obtain reporting information reported by different users;
a thread information searching unit 602, configured to search for the same suspected thread information in different reporting information;
an information map generating unit 603 is configured to associate reporting information including the same suspicion cue information to generate a suspicion information map, where the suspicion information map is used to display all the suspicion cue information of the same suspicion subject.
Further, as shown in fig. 7, the information map generating unit 603 includes:
a first associating module 6031, configured to associate reporting information including the same suspected lead information respectively to obtain an associated reporting information set;
a second associating module 6032, configured to associate different sets of associated report information that include the same report information and correspond to each other, to generate a suspect information map.
Further, the suspected thread information in the thread information search unit 602 includes: communication account, website and mailbox.
Further, as shown in fig. 7, the apparatus further includes:
an instruction receiving unit 604, configured to receive a query instruction, where the query instruction is to select suspected hint information included in a suspected information graph;
a report information search unit 605 configured to search report information corresponding to the suspected lead information corresponding to the query instruction;
the statistical information searching unit 606 is configured to search for first statistical information corresponding to different areas and/or different preset time periods and including suspicion cue information corresponding to the query instruction.
Further, as shown in fig. 7, the apparatus further includes:
the analyzing unit 607 is configured to perform domain name analysis on the website included in the suspect information map to obtain a corresponding IP address;
an adding unit 608, configured to add the IP address to the map of suspect information.
Further, as shown in fig. 7, the apparatus further includes:
the association map generating unit 609 is configured to classify the reporting information reported by different users to generate a reporting information association map, where different types correspond to different query dimensions, and the query dimensions include a fraud area, a fraud amount, a fraud time, a fraud object, a fraud mode, and an amount payment mode.
Further, as shown in fig. 7, the apparatus further includes:
a condition receiving unit 610, configured to receive a query condition, where the query condition includes at least one query dimension;
the query unit 611 is configured to query second statistical information corresponding to all the report information corresponding to the query condition, where the second statistical information is statistical information of the corresponding report information in different query dimensions.
The information processing apparatus provided in this embodiment can first obtain the report information reported by different users; secondly, searching the same suspicion clue information in the reporting information of different users; and finally, associating the reporting information containing the same suspicion cue information to generate a suspicion information graph, wherein the suspicion information graph is used for displaying all the suspicion cue information of the same suspicion subject. Compared with the prior art, the embodiment can associate the report information containing the same suspicion cue information in the report information of different users to obtain the suspicion information picture of the same suspicion subject, and all suspicion cue information related to the same suspicion subject in the report information of the users are contained in the suspicion information picture, so that the security personnel can obtain all the suspicion cue information of the same suspicion subject, and can determine the suspicion subject more quickly through all the suspicion cue information, thereby improving the handling efficiency.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It will be appreciated that the relevant features of the method and apparatus described above are referred to one another. In addition, "first", "second", and the like in the above embodiments are for distinguishing the embodiments, and do not represent merits of the embodiments.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in the title of the invention, such as an information processing apparatus, according to an embodiment of the invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.

Claims (12)

1. A method of information processing, the method comprising:
acquiring reporting information reported by different users, wherein the reporting information reported by different users comprises all suspicion clue information of the same suspicion subject;
searching the same suspicion clue information in different reporting information;
associating the reporting information containing the same suspicion cue information to generate a suspicion information graph, wherein the suspicion information graph is used for displaying all the suspicion cue information of the same suspicion subject;
the method for generating the suspect information map by associating the reporting information containing the same suspect thread information includes the following steps:
respectively associating the reporting information containing the same suspicion clue information to obtain an associated reporting information set;
and associating different associated report information sets corresponding to the same report information to generate the suspect information graph.
2. The method of claim 1, wherein the suspicion cue information comprises: communication account, website and mailbox.
3. The method of claim 1, further comprising:
receiving a query instruction, wherein the query instruction is used for selecting suspicion cue information contained in the suspicion information graph;
searching reporting information corresponding to the suspected clue information corresponding to the query instruction; and/or the presence of a gas in the gas,
and searching first statistical information which corresponds to different areas and/or different preset time periods and contains the suspicion clue information corresponding to the query instruction.
4. The method of claim 2, further comprising:
performing domain name resolution on the website contained in the suspect information map to obtain a corresponding IP address;
adding the IP address to the map of suspect information.
5. The method of claim 1, further comprising:
classifying the reporting information reported by different users to generate a reporting information association graph, wherein different types correspond to different query dimensions, and the query dimensions comprise a fraud area, a fraud amount, a fraud time, a fraud object, a fraud mode and an amount payment mode.
6. The method of claim 5, further comprising:
receiving a query condition, wherein the query condition comprises at least one query dimension;
and inquiring second statistical information corresponding to all the report information corresponding to the inquiry condition, wherein the second statistical information is statistical information of the corresponding report information on different inquiry dimensions.
7. An apparatus for information processing, the apparatus comprising:
the system comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring the reporting information reported by different users, and the reporting information reported by different users comprises all suspicion clue information of the same suspicion subject;
the clue information searching unit is used for searching the same suspected clue information in different reporting information;
the system comprises an information graph generating unit, a suspected information graph generating unit and a processing unit, wherein the information graph generating unit is used for associating reporting information containing the same suspected clue information to generate a suspected information graph, and the suspected information graph is used for displaying all the suspected clue information of the same suspected subject;
wherein, the information map generating unit includes:
the first association module is used for associating the reporting information containing the same suspicion clue information respectively to obtain an associated reporting information set;
and the second association module is used for associating different associated report information sets corresponding to the same report information to generate the suspect information map.
8. The apparatus of claim 7, wherein the suspected hint information in the hint information lookup unit comprises: communication account, website and mailbox.
9. The apparatus of claim 7, further comprising:
the instruction receiving unit is used for receiving a query instruction, wherein the query instruction is used for selecting the suspicion cue information contained in the suspicion information graph;
the report information searching unit is used for searching report information corresponding to the suspected clue information corresponding to the query instruction;
and the statistical information searching unit is used for searching first statistical information which corresponds to different areas and/or different preset time periods and contains the suspected clue information corresponding to the query instruction.
10. The apparatus of claim 8, further comprising:
the resolution unit is used for carrying out domain name resolution on the website contained in the suspicion information graph to obtain a corresponding IP address;
and the adding unit is used for adding the IP address into the suspicion information graph.
11. The apparatus of claim 7, further comprising:
and the association diagram generating unit is used for classifying the reporting information reported by different users to generate the reporting information association diagram, wherein different types correspond to different inquiry dimensions, and the inquiry dimensions comprise a fraud area, a fraud amount, a fraud time, a fraud object, a fraud mode and an amount payment mode.
12. The apparatus of claim 11, further comprising:
the query processing device comprises a condition receiving unit, a query processing unit and a query processing unit, wherein the condition receiving unit is used for receiving query conditions, and the query conditions comprise at least one query dimension;
and the query unit is used for querying second statistical information corresponding to all the report information corresponding to the query condition, wherein the second statistical information is statistical information of the corresponding report information on different query dimensions.
CN201610476362.7A 2016-06-24 2016-06-24 Information processing method and device Active CN106157215B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610476362.7A CN106157215B (en) 2016-06-24 2016-06-24 Information processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610476362.7A CN106157215B (en) 2016-06-24 2016-06-24 Information processing method and device

Publications (2)

Publication Number Publication Date
CN106157215A CN106157215A (en) 2016-11-23
CN106157215B true CN106157215B (en) 2020-04-03

Family

ID=57349853

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610476362.7A Active CN106157215B (en) 2016-06-24 2016-06-24 Information processing method and device

Country Status (1)

Country Link
CN (1) CN106157215B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106934592A (en) * 2017-02-16 2017-07-07 北京奇虎科技有限公司 A kind for the treatment of method and apparatus of report information
CN107819747B (en) * 2017-10-26 2020-09-18 上海欣方智能系统有限公司 Telecommunication fraud association analysis system and method based on communication event sequence
CN110457952A (en) * 2019-07-04 2019-11-15 阿里巴巴集团控股有限公司 A kind of monitoring and managing method of data record, device and equipment
CN110674269A (en) * 2019-08-23 2020-01-10 广东昭阳信息技术有限公司 Cable information management and control method and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI417815B (en) * 2010-11-16 2013-12-01 Hon Hai Prec Ind Co Ltd Electronic device and method for sending message for help
CN103001856B (en) * 2012-12-05 2015-12-23 华为软件技术有限公司 A kind of information sharing method and system, instant communication client and server
CN104796280B (en) * 2014-01-21 2018-06-26 中国移动通信集团河北有限公司 A kind of service authority detection method and device
CN105681257B (en) * 2014-11-19 2020-01-14 腾讯科技(深圳)有限公司 Information reporting method, device, equipment and system based on instant messaging interaction platform and computer storage medium

Also Published As

Publication number Publication date
CN106157215A (en) 2016-11-23

Similar Documents

Publication Publication Date Title
CN106384273B (en) Malicious bill-swiping detection system and method
CN106549974B (en) Device, method and system for predicting whether social network account is malicious or not
CN106157215B (en) Information processing method and device
CN107872772B (en) Method and device for detecting fraud short messages
CN107515915B (en) User identification association method based on user behavior data
JP6145461B2 (en) System, method and apparatus for identifying links between interactive digital data
CN108540755B (en) Identity recognition method and device
US9876871B2 (en) User logging of web traffic on non-browser based devices
CN107798541B (en) Monitoring method and system for online service
CN110956547A (en) Search engine-based method and system for identifying cheating group in real time
CN104579909B (en) Method and equipment for classifying user information and acquiring user grouping information
JP6478286B2 (en) Method, apparatus, and system for screening augmented reality content
WO2017186086A1 (en) Information recommendation method, terminal, server, and computer storage medium
CN105681257B (en) Information reporting method, device, equipment and system based on instant messaging interaction platform and computer storage medium
CN110392155A (en) It has been shown that, processing method, device and the equipment of notification message
US9876800B2 (en) Integrating a router based web meter and a software based web meter
Rossy et al. Internet traces and the analysis of online illicit markets
CN107391543B (en) Wireless hotspot type identification method and device
CN111046287B (en) User production content pushing method and server
CN114706899A (en) Express delivery data sensitivity calculation method and device, storage medium and equipment
CN110309379A (en) Products Show method, apparatus, equipment and computer readable storage medium
JP2020135673A (en) Contribution evaluation system and method
CN111553702B (en) Payment risk identification method and device
CN108055661B (en) Telephone number blacklist establishing method and device based on communication network
CN109598485A (en) A kind of emergency event report thing method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220728

Address after: 300450 No. 9-3-401, No. 39, Gaoxin 6th Road, Binhai Science Park, Binhai New Area, Tianjin

Patentee after: 3600 Technology Group Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20230704

Address after: 1765, floor 17, floor 15, building 3, No. 10 Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: Beijing Hongxiang Technical Service Co.,Ltd.

Address before: 300450 No. 9-3-401, No. 39, Gaoxin 6th Road, Binhai Science Park, Binhai New Area, Tianjin

Patentee before: 3600 Technology Group Co.,Ltd.